Senior Security & GRC Program Manager

Mediavine

💵 $190k-$215k
📍 Remote - United States

Job highlights

Summary

Join Mediavine's Privacy & Compliance team as a Senior Security & GRC Program Manager. You will be a key player in shaping and leading security strategy, governance, risk management, and compliance initiatives. Collaborate across teams to implement security and compliance requirements, driving continuous improvement. Balance security needs with business priorities, bringing hands-on expertise in building and scaling security programs. This role reports to the Director of Privacy & Compliance and involves managing security projects, compliance audits, and continuous improvement initiatives. The position requires proactive leadership and a practical approach. This is a 100% remote position based in the United States.

Requirements

  • Degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience)
  • 7+ years of experience in security and GRC roles, with at least 5 years of hands-on experience building and managing security and compliance programs in high-growth environments
  • Strong understanding of security principles, frameworks, and best practices
  • Proven ability to balance security requirements with business objectives
  • Hands-on experience with the NIST Cybersecurity Framework (CSF)
  • Deep knowledge of GRC frameworks and regulations such as NIST CSF, SOC 2, GDPR, and CCPA
  • A solid track record of implementing risk management practices that proactively mitigate security risks and support business objectives
  • Demonstrated ability to take a hands-on approach in managing security tools, conducting audits, drafting policies, and executing compliance programs
  • Strong written and verbal communication skills, with the ability to translate complex security and compliance concepts into understandable language for non-technical stakeholders
  • Ability to work across multiple teams and levels of the organization, influencing and driving alignment on security and compliance objectives
  • Experience with tools such as AWS, Google Workspace, Slack, and security platforms
  • Required travel on an as-needed basis for our annual All Hands Retreat, Team Retreats/Meetings, and/or industry events/conferences (approx. 15%)
  • Applicants must be based in the United States

Responsibilities

  • Develop and implement a comprehensive security strategy that aligns with the company's business goals and risk profile
  • Drive the end-to-end execution of security programs and initiatives, including technical and operational tasks, from inception to completion
  • Identify, assess, and mitigate security risks while providing practical, actionable solutions that balance security with business needs
  • Lead incident response efforts, ensuring timely action and effective communication during security incidents
  • Take a hands-on approach to managing security tools and platforms, performing security audits, and ensuring compliance deliverables are met
  • Conduct periodic security reviews and assessments as part of the third-party risk management program
  • Stay informed on emerging security threats and innovations, integrating new technologies and strategies to enhance our security posture
  • Lead the development and delivery of security awareness and training programs across the organization
  • Own and refine our Governance, Risk, and Compliance (GRC) framework, ensuring alignment with industry standards such as NIST CSF, SOC 2, GDPR, CCPA, and other relevant frameworks
  • Monitor evolving regulatory requirements and ensure compliance across departments without disrupting business operations
  • Collaborate with cross-functional teams to embed compliance processes into day-to-day operations and ensure security best practices are followed
  • Build and implement risk management strategies that support informed decision-making at all levels of the business
  • Manage multiple GRC-related projects from planning through execution, ensuring appropriate resource allocation and successful delivery of outcomes
  • Serve as the subject matter expert for all security and risk-related decisions, providing guidance to teams across the organization
  • Required travel on an as-needed basis for our annual All Hands Retreat, Team Retreats/Meetings, and/or industry events/conferences (approx. 15%)

Preferred Qualifications

  • Industry certifications such as CISSP, CISM, or CISA
  • Familiarity with the Ad Tech industry and its unique security and compliance challenges
  • Experience with security tools like JAMF Protect, Astra, or KnowBe4
  • Knowledge of additional security frameworks or industry standards

Benefits

  • 100% remote
  • Comprehensive benefits including Health, Dental, Vision and 401k match
  • Generous paid time off
  • Wellness and Home Office Perks
  • Up to 12 weeks of paid Parental Leave
  • Inclusive Family Forming Benefits
  • Professional development opportunities
  • Travel opportunities for teams, our annual All Hands retreat, as well as industry events
